 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.703267 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-3267-1) |
| Summary: | The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3267-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3267-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition. CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox. CVE-2015-1253 A cross-origin bypass issue was discovered in the DOM parser. CVE-2015-1254 A cross-origin bypass issue was discovered in the DOM editing feature. CVE-2015-1255 Khalil Zhani discovered a use-after-free issue in WebAudio. CVE-2015-1256 Atte Kettunen discovered a use-after-free issue in the SVG implementation. CVE-2015-1257 miaubiz discovered an overflow issue in the SVG implementation. CVE-2015-1258 cloudfuzzer discovered an invalid size parameter used in the libvpx library. CVE-2015-1259 Atte Kettunen discovered an uninitialized memory issue in the pdfium library. CVE-2015-1260 Khalil Zhani discovered multiple use-after-free issues in chromium's interface to the WebRTC library. CVE-2015-1261 Juho Nurminen discovered a URL bar spoofing issue. CVE-2015-1262 miaubiz discovered the use of an uninitialized class member in font handling. CVE-2015-1263 Mike Ruddy discovered that downloading the spellcheck dictionary was not done over HTTPS. CVE-2015-1264 K0r3Ph1L discovered a cross-site scripting issue that could be triggered by bookmarking a site. CVE-2015-1265 The chrome 43 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.3.61.21. For the stable distribution (jessie), these problems have been fixed in version 43.0.2357.65-1~ deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 43.0.2357.65-1. We recommend that you upgrade your chromium-browser packages. Affected Software/OS: 'chromium-browser' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1251 BugTraq ID: 74723 http://www.securityfocus.com/bid/74723 Bugtraq: 20161123 CVE-2015-1251: Chrome blink SpeechÂ-RecognitionÂ-Controller use-after-free details (Google Search) http://www.securityfocus.com/archive/1/539824/100/0/threaded Debian Security Information: DSA-3267 (Google Search) http://www.debian.org/security/2015/dsa-3267 http://seclists.org/fulldisclosure/2016/Nov/136 https://security.gentoo.org/glsa/201506-04 http://blog.skylined.nl/20161123001.html http://zerodayinitiative.com/advisories/ZDI-15-236/ http://www.securitytracker.com/id/1032375 SuSE Security Announcement: openSUSE-SU-2015:0969 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html SuSE Security Announcement: openSUSE-SU-2015:1877 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1252 Common Vulnerability Exposure (CVE) ID: CVE-2015-1253 Common Vulnerability Exposure (CVE) ID: CVE-2015-1254 Common Vulnerability Exposure (CVE) ID: CVE-2015-1255 Common Vulnerability Exposure (CVE) ID: CVE-2015-1256 Common Vulnerability Exposure (CVE) ID: CVE-2015-1257 Common Vulnerability Exposure (CVE) ID: CVE-2015-1258 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1259 Common Vulnerability Exposure (CVE) ID: CVE-2015-1260 Common Vulnerability Exposure (CVE) ID: CVE-2015-1261 Common Vulnerability Exposure (CVE) ID: CVE-2015-1262 Common Vulnerability Exposure (CVE) ID: CVE-2015-1263 Common Vulnerability Exposure (CVE) ID: CVE-2015-1264 Common Vulnerability Exposure (CVE) ID: CVE-2015-1265 BugTraq ID: 74727 http://www.securityfocus.com/bid/74727 https://www.exploit-db.com/exploits/37766/ Common Vulnerability Exposure (CVE) ID: CVE-2015-3910 BugTraq ID: 74730 http://www.securityfocus.com/bid/74730 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |